Register

Forgot Password

Site FAQ

Home > IT Blogs > Irregular Expressions > CVE-2009-3555 Cisco update

>>VIEW ALL POSTS

Irregular Expressions

Jul 26 2010 3:24PM GMT

CVE-2009-3555 Cisco update

Posted by: Dan O'Connor

CVE-2009-3555

http://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml

This is something I covered at the start of the year, I just noticed today that Cisco has updated the their advisory for the vulnerability with patch information and additional products.

This was the issue that could allow a malicious user to use the renegotiation in SSL / TLS to preform a MIM / Man In The Middle attack on secure sessions.

I created somewhat of an explanation from a variety of sources, you can read it here http://itknowledgeexchange.techtarget.com/Irregular-Expressions/ssl-tls-renegotiation/

It’s a pretty interesting attack, the RFC has excellent information about renegotiation and why the protocol has the ability to do it. Also I think there is payload in Metaspoit to test it out, if there is not I know it’s out there if you look.

Comment

RSS Feed

Email a friend

Comment on this Post

Leave a comment:

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags

Irregular Expressions

CVE-2009-3555 Cisco update

Comment on this Post

About This Blog

Browse This Blog’s Tags

Archives

Blog Roll

Subscribe to Alerts